Almost all networks, regardless of physical or logical architecture, encounter information security challenges. In some cases, such as Industrial Control Systems (ICS), these challenges are even more pronounced because environmental factors force compromised security postures.
ICS is a generic term describing the relationship between hardware, software and network connectivity. Each ICS is tailored to its industry and functions accordingly. Industrial control systems are used across the majority of the industrial sector, and they are also vital to critical infrastructure: transport, energy and water treatment all rely on ICS.
Continuous functioning of an ICS can be essential; its components exist solely to run and carry out repetitive tasks. Hence, any downtime can bring costly repairs and even dangerous ramifications. If the ICS does not operate correctly, minor issues can escalate rapidly. For instance, a pump might not be operating correctly, or might not be reporting its current state correctly to the Human Machine Interface (HMI). Or a valve might be shut while the HMI indicates that it is open and venting, causing the operator to miss a potentially dangerous situation. Either of these instances could be a major issue for any industrial production and a great source of concern to critical infrastructure.
When considering the current state of Industrial Control Systems, one should envision not only the examples given above but also other, more serious threats. There have been numerous cyber-attacks on ICS over the years, and the rate has increased drastically. Many industrial control systems run on legacy hardware designed without regard for the vulnerabilities that arise with technological advances. Given that these systems can be network-connected and can include legacy devices, they can generally be classified as vulnerable. From 2015 to 2016, attacks on ICS went up 110 percent, with the United States being the largest target. This can mostly be explained by the fact that the US has the largest ICS presence. Notable attacks on ICS include the 2016 New York Dam attack, the 2015 Ukraine power outage, and the 2010 Stuxnet attack on Siemens control systems.
This disclosure addresses the Man-in-the-middle attack, in which an attacker impersonates one end of a communications link in order to submit commands. The attacker can spoof a user to the system and issue commands without the legitimate operator ever knowing.
Man-in-the-middle attacks can be performed on control system protocols if the attacker knows the protocol being manipulated. An attacker can modify packets in transit, providing both a full spoof of the operator's HMI displays and full control of the control system. By inserting commands into the command stream, the attacker can issue arbitrary or targeted commands. By modifying replies, the attacker can present the operator with a falsified picture of the process.
Lack of encryption and mutual authentication exposes ICS to alteration of in-transit instructions, commands, or alarms by network intruders. Replay attacks can trigger automatic system responses, resulting in unpredictable malfunctions. Spoofing attacks can feed inaccurate monitoring data to system operators, prompting inappropriate and potentially dangerous human intervention. Network sniffing may expose confidential data to undetected interception for governmental or industrial espionage, terrorist attacks, or criminal pursuits. Hence, an attacker who knows which protocols the ICS uses can readily perform a Man-in-the-middle attack: altering packets in transit, taking control of the HMI, and issuing arbitrary commands to the PLC.
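As an added example (not code from the original disclosure), the following Python shows the receiver-side checks that the missing mutual authentication described above would otherwise make impossible: an HMAC over a constructed, simplified command frame plus a monotonic sequence number, so that a frame altered in transit and a replayed frame are both rejected by the PLC side. The frame layout, the key and the field values are constructed for illustration and do not correspond to any real ICS protocol.

```python
import hmac
import hashlib
import struct

# Constructed, simplified command frame used only for this illustration (not a
# real ICS protocol): seq (u32) | unit (u8) | func (u8) | register (u16) | value (u16),
# followed by a 32-byte HMAC-SHA256 tag computed over the header bytes.
HEADER = struct.Struct("!IBBHH")
TAG_LEN = 32

def build_frame(key: bytes, seq: int, unit: int, func: int, reg: int, value: int) -> bytes:
    """Sender side: serialize the command and append an HMAC over every header byte."""
    body = HEADER.pack(seq, unit, func, reg, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class FrameVerifier:
    """Receiver side: reject altered or forged frames and replays of old ones."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def verify(self, frame: bytes):
        """Return (accepted, reason, decoded_fields_or_None)."""
        if len(frame) != HEADER.size + TAG_LEN:
            return False, "bad length", None
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison so tag bytes are not leaked through timing
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag", None
        seq, unit, func, reg, value = HEADER.unpack(body)
        if seq <= self.last_seq:  # an old frame re-sent later is a replay
            return False, "replay", None
        self.last_seq = seq
        fields = {"seq": seq, "unit": unit, "func": func, "register": reg, "value": value}
        return True, "ok", fields

def demo():
    """Genuine frame accepted; same frame altered in transit rejected; then replayed, rejected."""
    key = b"constructed-demo-key"  # in practice provisioned per device, never hard-coded
    verifier = FrameVerifier(key)
    genuine = build_frame(key, seq=1, unit=1, func=6, reg=0x0010, value=1)
    altered = bytearray(genuine)
    altered[HEADER.size - 1] ^= 0x01  # flip a bit in the value field, tag left unchanged
    return tuple(verifier.verify(f)[1] for f in (genuine, bytes(altered), genuine))
```

Without the tag, the receiver has no way to tell the altered frame from the genuine one; without the sequence check, a captured genuine frame would be accepted every time it is re-sent.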
Known public blockchains use consensus models based on proof-of-work (PoW) and proof-of-stake (PoS). These blockchains rely on design elements such as incentives to sustain the trustless nature of many blockchains. Models such as PoW consume enormous amounts of compute power to maintain a stable consensus environment. Despite the power this model involves, it has been deemed necessary in a public environment.